Bug #105669 --safe-user-create option not working
Submitted: 23 Nov 2021 4:48
Modified: 23 Nov 2021 13:58
Reporter: Raghavendra Babu K
Status: Not a Bug
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.7.36-enterprise-commercial-advanced-lo
OS: Any
Assigned to:
CPU Architecture: Any

[23 Nov 2021 4:48] Raghavendra Babu K
Description:
--safe-user-create option not working

Hi Team,

Added the safe-user-create flag in the my.conf file.

[mysqld]
safe-user-create=ON

Once MySQL started, I queried the 'safe-user-create' variable and it returned an empty set.

mysql> SHOW VARIABLES LIKE 'safe-user-create';
Empty set (0.00 sec)

Created a test1 user using the commands
---------------------------------------------

CREATE USER 'test1'@'localhost' IDENTIFIED BY 'test';
GRANT CREATE USER ON *.* TO 'test1'@'localhost';

mysql> SHOW GRANTS FOR 'test1'@'localhost';
+-------------------------------------------------+
| Grants for test1@localhost                      |
+-------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'test1'@'localhost' |
+-------------------------------------------------+
1 row in set (0.00 sec)

Logged in as the test1 user and was able to create a user without INSERT(user) privileges
----------------------------------------------------------------------------------------

[root@localhost bin]# ./mysql -utest1 -ptest
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 55
Server version: 5.7.36-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE USER 'test10'@'localhost';
Query OK, 0 rows affected (0.01 sec)

There is not much info found on the web/documentation for safe-user-create.

Can someone share more info related to safe-user-create option about usage/validation?

Thanks,

Ramesh

How to repeat:
Created a test1 user using the commands
---------------------------------------------

CREATE USER 'test1'@'localhost' IDENTIFIED BY 'test';
GRANT CREATE USER ON *.* TO 'test1'@'localhost';

Logged in as the test1 user and was able to create a user without INSERT(user) privileges
----------------------------------------------------------------------------------------

[root@localhost bin]# ./mysql -utest1 -ptest
mysql> CREATE USER 'test10'@'localhost';

[23 Nov 2021 13:58] MySQL Verification Team
Hi Mr. Babu,

Thank you for your bug report.

However, it is not a bug.

If you read our Reference Manual, particularly chapter 5.1.3, you will see that this variable is not readable. This is done for safety reasons. This is not a system variable, but only an option.

Also, your proof of this option not working has nothing to do with the meaning of that option.

Not a bug.
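
Added example (not part of the bug thread and not MySQL's own code): because the reply says safe-user-create is an option and not a readable system variable, one way to validate the setting is to inspect the option file text instead of running SHOW VARIABLES. The function name, the set of server groups and the sample file are assumptions made for illustration; !include directives and command-line overrides are not followed.

```python
import re

# Assumption: option-file groups read by a 5.7 mysqld.
SERVER_GROUPS = {"mysqld", "server", "mysqld-5.7"}
TRUE_VALUES = {"1", "on", "true"}

def safe_user_create_enabled(cnf_text):
    """Return True/False for the last setting found in a server group,
    or None when the option never appears there."""
    state = None
    group = None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or full-line comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()  # group names ignore case
            continue
        if group not in SERVER_GROUPS:
            continue                      # e.g. [client]: not read by the server
        name, sep, value = line.partition("=")
        name = name.strip().replace("_", "-")   # '-' and '_' are interchangeable
        value = value.split("#", 1)[0].strip().strip("'\"").lower()
        if name.startswith("loose-"):
            name = name[len("loose-"):]
        if name in ("safe-user-create", "enable-safe-user-create"):
            # A bare flag enables the option; with a value, anything other
            # than 1/ON/TRUE is treated here as off (a simplification).
            state = True if not sep else value in TRUE_VALUES
        elif name in ("skip-safe-user-create", "disable-safe-user-create"):
            state = False
    return state

# Constructed sample input, not taken from the report.
SAMPLE_CNF = """\
[client]
safe-user-create=OFF    # wrong group: ignored by the server
[mysqld]
safe_user_create = ON   # underscore spelling of the same option
"""

if __name__ == "__main__":
    print("safe-user-create enabled:", safe_user_create_enabled(SAMPLE_CNF))
```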